Tag Archives: CYBERWARFARE

Post navigation

At the height of the economic crisis in 2008, Saturday Night Live’s “Weekend Update” comedy news show rolled out the character Oscar Rogers as a faux financial commentator. His advice on how to restore the economy? “Fix it! It needs to be fixed! Now!”

Four years later, lawmakers are grappling with a cybercrisis, and despite rising concerns, legislative debates over how to secure U.S. networks and infrastructure have often resembled nothing so much as Oscar Rogers yelling “Fix it!”

Now, with Congress looking unlikely to act anytime soon to fix vulnerabilities in the nation’s computer systems that leave them open to cyberattacks, President Obama is weighing the pros and cons of using anexecutive order to do what Congress hasn’t.

Experts in government and industry alike report a tide of attacks aimed at stealing information from individuals, companies, and government agencies, potentially making a strong case for presidential action.

Further bolstering the case are warnings from top national-security officials that a catastrophic attack on a critical system like those that run energy grids or chemical plants could cause damage to the economy or even loss of life.

But Obama needs to consider his options carefully, because any unilateral steps could invite accusations from his critics of overstepping his authority. As the acrimonious debate over antipiracy legislation illustrated earlier this year, simmering Internet issues can easily explode.

In the final days before the August recess, the Senate hit an impasse on broad cybersecurity legislation that the White House and national-security and defense leaders support. The bill stalled after businesses and Republicans said the legislation would create burdensome regulations for industry without doing enough to shore up defenses against cyberattacks.

Top White House counterterrorism aide John Brennan said earlier this month that Obama was looking at the possibility of an executive order but that there is no decision yet.

Lee Hamilton, a Democratic former House member who sits on a board that advises the Homeland Security Department and who examined government security failures as cochair of the 9/11 Commission, said that Obama is right to consider moving forward on his own. He said the stalemate in Congress is a “serious breakdown” reminiscent of failures before the terrorist attacks on Sept. 11, 2001.

“The preference would be to work together with Congress, but the threat is serious enough that an executive order is in line,” he said. “There is certainly a lack of urgency in dealing with this, and it’s not a business-as-usual problem. Given the fact that Congress hasn’t acted, the president has the obligation to put together options to secure the country.”

While the debate in Congress largely broke down along party lines, some prominent Republicans support the cybersecurity standards backed by the White House.

Top national-security advisers for GOP presidential candidate Mitt Romney, such as former Homeland Security Secretary Michael Chertoff and former National Security Agency and Central Intelligence Agency chief Michal Hayden, differed with Republicans in Congress and publicly called for the Senate to pass provisions that have Obama’s support.

Romney campaign spokeswoman Andrea Saul declined to elaborate on the Republican candidate’s assertion that more needs to be done to secure American networks, or comment on whether he would favor using an executive order in the absence of legislation. But she reiterated Romney’s promise to make cybersecurity an early priority and didn’t rule out executive action. Romney’s plan would require agencies to begin developing a new national cybersecurity strategy within the first 100 days of his administration. “Once the strategy is formulated he will determine how best it can be implemented,” Saul said in an e-mail.

Polls show that while Americans express concerns over cyberattacks, they, too, are divided over what should be done.

Backers of the White House’s proposals, however, say an executive order could add clarity to the debate and prove to skeptics that the government can play a greater role in protecting American networks without violating privacy or burdening private businesses.

“I think it’s hard to make things any messier than it was politically,” said James Lewis, an expert at the Center for Strategic and International Studies. “If done right, an executive order could help critics reconsider their arguments.”

That’s an analysis echoed by University of California (Berkeley) professor Steven Weber who said many people seem to be “sleepwalking” when it comes to the threat of cyberattacks. An executive order, he said, could reform cybersecurity policies before a catastrophic attack galvanizes public opinion.

An executive order could give Obama the chance to take a strong stand on a rising national-security concern while portraying Republicans in Congress as ditherers.

But an order is unlikely to accomplish all of the White House’s aims. It couldn’t hand DHS wider authority to ensure that certain private networks are secure. Nor could it entirely ease legal restrictions that prevent businesses from sharing threat information. Even policy changes for some federal network-security policies would likely need congressional action. Additionally, any action would need to avoid inciting privacy watchdogs who fear cybersecurity could be used as an excuse to undermine civil liberties.

And some analysts said the politics of an executive order could cut both ways for Obama. Presidents often win political debates that pit them against an unpopular Congress, especially one perceived as unable to do anything substantive, said Peter Feaver, a former National Security Council staffer during the Clinton and George W. Bush administrations. But if Obama were to take unilateral action, it would give his critics on the right an opening to paint him as an “imperial” president and to accuse him of saddling business with new regulations, Feaver said.

“In general, White Houses win in these fights with Congress, but this White House has played this card many times,” Feaver said. “This is an issue where there are bound to be unintended consequences and any cybersecurity measures will need a system to fix and update the provisions down the road. This administration has a hard sell assuring people to trust them to fix things later.”

Paul Rosenzweig, a consultant and visiting fellow at the conservative Heritage Foundation, said a cybersecurity executive order could play into both the “imperial presidency and do-nothing-Congress” narratives, but said he thinks there is a genuine possibility for a future compromise and unilateral action by Obama would do little to actually help secure private networks

At the height of the economic crisis in 2008, Saturday Night Live’s “Weekend Update” comedy news show rolled out the character Oscar Rogers as a faux financial commentator. His advice on how to restore the economy? “Fix it! It needs to be fixed! Now!”

Four years later, lawmakers are grappling with a cybercrisis, and despite rising concerns, legislative debates over how to secure U.S. networks and infrastructure have often resembled nothing so much as Oscar Rogers yelling “Fix it!”

Now, with Congress looking unlikely to act anytime soon to fix vulnerabilities in the nation’s computer systems that leave them open to cyberattacks, President Obama is weighing the pros and cons of using anexecutive order to do what Congress hasn’t.

Experts in government and industry alike report a tide of attacks aimed at stealing information from individuals, companies, and government agencies, potentially making a strong case for presidential action.

Further bolstering the case are warnings from top national-security officials that a catastrophic attack on a critical system like those that run energy grids or chemical plants could cause damage to the economy or even loss of life.

But Obama needs to consider his options carefully, because any unilateral steps could invite accusations from his critics of overstepping his authority. As the acrimonious debate over antipiracy legislation illustrated earlier this year, simmering Internet issues can easily explode.

In the final days before the August recess, the Senate hit an impasse on broad cybersecurity legislation that the White House and national-security and defense leaders support. The bill stalled after businesses and Republicans said the legislation would create burdensome regulations for industry without doing enough to shore up defenses against cyberattacks.

Top White House counterterrorism aide John Brennan said earlier this month that Obama was looking at the possibility of an executive order but that there is no decision yet.

Lee Hamilton, a Democratic former House member who sits on a board that advises the Homeland Security Department and who examined government security failures as cochair of the 9/11 Commission, said that Obama is right to consider moving forward on his own. He said the stalemate in Congress is a “serious breakdown” reminiscent of failures before the terrorist attacks on Sept. 11, 2001.

“The preference would be to work together with Congress, but the threat is serious enough that an executive order is in line,” he said. “There is certainly a lack of urgency in dealing with this, and it’s not a business-as-usual problem. Given the fact that Congress hasn’t acted, the president has the obligation to put together options to secure the country.”

While the debate in Congress largely broke down along party lines, some prominent Republicans support the cybersecurity standards backed by the White House.

Top national-security advisers for GOP presidential candidate Mitt Romney, such as former Homeland Security Secretary Michael Chertoff and former National Security Agency and Central Intelligence Agency chief Michal Hayden, differed with Republicans in Congress and publicly called for the Senate to pass provisions that have Obama’s support.

Romney campaign spokeswoman Andrea Saul declined to elaborate on the Republican candidate’s assertion that more needs to be done to secure American networks, or comment on whether he would favor using an executive order in the absence of legislation. But she reiterated Romney’s promise to make cybersecurity an early priority and didn’t rule out executive action. Romney’s plan would require agencies to begin developing a new national cybersecurity strategy within the first 100 days of his administration. “Once the strategy is formulated he will determine how best it can be implemented,” Saul said in an e-mail.

Polls show that while Americans express concerns over cyberattacks, they, too, are divided over what should be done.

Backers of the White House’s proposals, however, say an executive order could add clarity to the debate and prove to skeptics that the government can play a greater role in protecting American networks without violating privacy or burdening private businesses.

“I think it’s hard to make things any messier than it was politically,” said James Lewis, an expert at the Center for Strategic and International Studies. “If done right, an executive order could help critics reconsider their arguments.”

That’s an analysis echoed by University of California (Berkeley) professor Steven Weber who said many people seem to be “sleepwalking” when it comes to the threat of cyberattacks. An executive order, he said, could reform cybersecurity policies before a catastrophic attack galvanizes public opinion.

An executive order could give Obama the chance to take a strong stand on a rising national-security concern while portraying Republicans in Congress as ditherers.

But an order is unlikely to accomplish all of the White House’s aims. It couldn’t hand DHS wider authority to ensure that certain private networks are secure. Nor could it entirely ease legal restrictions that prevent businesses from sharing threat information. Even policy changes for some federal network-security policies would likely need congressional action. Additionally, any action would need to avoid inciting privacy watchdogs who fear cybersecurity could be used as an excuse to undermine civil liberties.

And some analysts said the politics of an executive order could cut both ways for Obama. Presidents often win political debates that pit them against an unpopular Congress, especially one perceived as unable to do anything substantive, said Peter Feaver, a former National Security Council staffer during the Clinton and George W. Bush administrations. But if Obama were to take unilateral action, it would give his critics on the right an opening to paint him as an “imperial” president and to accuse him of saddling business with new regulations, Feaver said.

“In general, White Houses win in these fights with Congress, but this White House has played this card many times,” Feaver said. “This is an issue where there are bound to be unintended consequences and any cybersecurity measures will need a system to fix and update the provisions down the road. This administration has a hard sell assuring people to trust them to fix things later.”

Paul Rosenzweig, a consultant and visiting fellow at the conservative Heritage Foundation, said a cybersecurity executive order could play into both the “imperial presidency and do-nothing-Congress” narratives, but said he thinks there is a genuine possibility for a future compromise and unilateral action by Obama would do little to actually help secure private networks

Hacker Team Poison group promises to reveal LulzSec members identities: Are LulzSec the lesser of two evils?

While LulzSec continues its Operation Anti-Security campaign against the world, rival group Team Poison has issued a statement promising to unmask LulzSec’s members.

The group reported its intention to reveal all LulzSec’s members true identities earlier this month. Speaking to Fox News a member working under the pseudonym Hex0010 commented “We’re here to show the world that they’re [LulzSec] nothing but a bunch of script kiddies.

“We’re going to let them do what they do. Then we’re going to do what we do”, adding, “We’re going to hit them hard.”

The claim comes just as LulzSec announced its new Operation Ant-Security campaign. The operation has seen LulzSec team-up with its 4Chan-born sibling Anonymous to help rebel and protest any and all cases of internet censorship and moderation through a series of coordinated cyber attacks and hacks.

In his statement Hex refuted LulzSec’s claims that Cleary was not a member. Hex commented to Fox News, “You can say he’s one of the people that ran it, you can say he’s a middleman. Depends on how you look at it. I think he’s a middleman.”

Team Poison has also claimed responsibility for an attack on suspected LulzSec member Sven Slootweg’s website.

Team Poison isn’t the first group to have made such claims. Already “cyber vigilante” outfit Team Ninja made a similar claim posting alleged names, addresses, phone numbers and at points pictures of individuals it claimed were LulzSec members.

The individuals named included a 34-year-old Brazilian named Sabu, Slootweg, a freelance journalist named Barret Brown and a U.S. Marine name Casey Gardiner — the truth of these claims is yet to be verified.

The fact that Team Poison is targeting LulzSec has not been universally hailed as good news. The hacking group has an extremely checkered past. It is believed to have connections both with the Mujahdeen Hacking Unit and Pakistan Cyber Army.

The Mujahdeen Hacking Unit was the hacking group that targeted Facebook late last year.

Team Poison has also been constantly speculated as having overtly zealous religious leanings — a fact that may make several governments uncomfortable with the group’s involvement.

In the same interview with Fox Hex commented on the topic, “”We’re a group that consists of political hackers,” elaborating “A lot of people consider us being a religious type thing — in reality it’s not. When international governments are doing wrong and trying to hide from it, we’re there.”

Many analyst’s have already speculated that Team Poison’s targeting of LulzSec could be born of “professional jealousy”.

If true, then Team Poisons new involvement could be more harmful than helpful. The attack on LulzSec could lead to revenge attacks from both LulzSec and its comrade in arms Anonymous.

Additionally, as demonstrated by the laundry list of hacks and cyber attacks Team Poison is suspected of, the hatred for LulzSec could turn into a game of one-upmanship, with each group trying to hack a bigger target than the other.

Team Poison is yet to release the information it promised on Fox News.

Hacker Team Poison group promises to reveal LulzSec members identities: Are LulzSec the lesser of two evils?

While LulzSec continues its Operation Anti-Security campaign against the world, rival group Team Poison has issued a statement promising to unmask LulzSec’s members.

The group reported its intention to reveal all LulzSec’s members true identities earlier this month. Speaking to Fox News a member working under the pseudonym Hex0010 commented “We’re here to show the world that they’re [LulzSec] nothing but a bunch of script kiddies.

“We’re going to let them do what they do. Then we’re going to do what we do”, adding, “We’re going to hit them hard.”

The claim comes just as LulzSec announced its new Operation Ant-Security campaign. The operation has seen LulzSec team-up with its 4Chan-born sibling Anonymous to help rebel and protest any and all cases of internet censorship and moderation through a series of coordinated cyber attacks and hacks.

In his statement Hex refuted LulzSec’s claims that Cleary was not a member. Hex commented to Fox News, “You can say he’s one of the people that ran it, you can say he’s a middleman. Depends on how you look at it. I think he’s a middleman.”

Team Poison has also claimed responsibility for an attack on suspected LulzSec member Sven Slootweg’s website.

Team Poison isn’t the first group to have made such claims. Already “cyber vigilante” outfit Team Ninja made a similar claim posting alleged names, addresses, phone numbers and at points pictures of individuals it claimed were LulzSec members.

The individuals named included a 34-year-old Brazilian named Sabu, Slootweg, a freelance journalist named Barret Brown and a U.S. Marine name Casey Gardiner — the truth of these claims is yet to be verified.

The fact that Team Poison is targeting LulzSec has not been universally hailed as good news. The hacking group has an extremely checkered past. It is believed to have connections both with the Mujahdeen Hacking Unit and Pakistan Cyber Army.

The Mujahdeen Hacking Unit was the hacking group that targeted Facebook late last year.

Team Poison has also been constantly speculated as having overtly zealous religious leanings — a fact that may make several governments uncomfortable with the group’s involvement.

In the same interview with Fox Hex commented on the topic, “”We’re a group that consists of political hackers,” elaborating “A lot of people consider us being a religious type thing — in reality it’s not. When international governments are doing wrong and trying to hide from it, we’re there.”

Many analyst’s have already speculated that Team Poison’s targeting of LulzSec could be born of “professional jealousy”.

If true, then Team Poisons new involvement could be more harmful than helpful. The attack on LulzSec could lead to revenge attacks from both LulzSec and its comrade in arms Anonymous.

Additionally, as demonstrated by the laundry list of hacks and cyber attacks Team Poison is suspected of, the hatred for LulzSec could turn into a game of one-upmanship, with each group trying to hack a bigger target than the other.

Team Poison is yet to release the information it promised on Fox News.

According to Teampoison, MI6 was targeted because officials “help lock up innocent people they themselves label as terrorists with no proof at all”.

The reason given for the latest attack was the extradition of Babar Ahmad, Adel Abdel Bary and others from the UK for trial in the US.

“We all know how the US treats innocent Muslims they label as terrorists, eg – Aafia Siddiqui,” said Teampoison.

Babar Ahmad and four other terror suspects lost their battle at the European Court of Human Rights against extradition.

Ahmad was first arrested in December 2003 and then released without charge. In August 2004, he was arrested again and and accused of running an important pro-jihad site, Azzam. The website allegedly played a role in inciting hatred against the West among young Muslims in Europe.

Bary has been held in the UK without trial for one of the longest periods on record. He has been accused of being Osama Bin Laden’s right-hand man in London and of promoting violent jihad against the West.

“Adel Abdel Bary has been in prison for 12 years in the UK. Apparently he received a phone call from Osama years ago, therefore they imprisoned him claiming they had a tape of the call but there was never a witness to prove it or show the tape,” reads Trick’s statement. “If I was to call George Bush would they lock George Bush up for receiving a phone call from a cyber-terrorist/hacker?”

According to Teampoison, MI6 was targeted because officials “help lock up innocent people they themselves label as terrorists with no proof at all”.

The reason given for the latest attack was the extradition of Babar Ahmad, Adel Abdel Bary and others from the UK for trial in the US.

“We all know how the US treats innocent Muslims they label as terrorists, eg – Aafia Siddiqui,” said Teampoison.

Babar Ahmad and four other terror suspects lost their battle at the European Court of Human Rights against extradition.

Ahmad was first arrested in December 2003 and then released without charge. In August 2004, he was arrested again and and accused of running an important pro-jihad site, Azzam. The website allegedly played a role in inciting hatred against the West among young Muslims in Europe.

Bary has been held in the UK without trial for one of the longest periods on record. He has been accused of being Osama Bin Laden’s right-hand man in London and of promoting violent jihad against the West.

“Adel Abdel Bary has been in prison for 12 years in the UK. Apparently he received a phone call from Osama years ago, therefore they imprisoned him claiming they had a tape of the call but there was never a witness to prove it or show the tape,” reads Trick’s statement. “If I was to call George Bush would they lock George Bush up for receiving a phone call from a cyber-terrorist/hacker?”

Related Stories

German engineering giant Siemens has issued a fix for the software loopholes used by the notorious Stuxnet worm.

Stuxnet was discovered in 2010 after investigations into malfunctions at many industrial plants and factories.

Iran’s nuclear enrichment efforts were hit hard by Stuxnet which targeted the devices that control delicate industrial processes.

The fix comes as reports circulate of a fresh cyber attack on Iranian nuclear enrichment project.

Burn out

Stuxnet exploited loopholes in the software Siemens wrote to oversee the running of its programmable logic controllers – devices used in many industrial facilities to automate a production process.

When a controller was infected with Stuxnet it made the motors it was typically connected to run out of control and burn out. This is believed to have been behind Iran’s need to replace many of the centrifuges it was using in its Natanz uranium enrichment plant.

Siemens has issued advisories saying it has updated the Simatic code in the controllers to remove the loopholes.

It is not yet clear who created Stuxnet, but security researchers say it is so complex and tightly targeted that only a nation would be able to marshal the resources to put it together.

Stuxnet is just one of several similar malicious programs created to attack industrial control systems.

Experts speculate that many were made to slow down and disrupt Iran’s nuclear production processes.

Iran has regularly denied that the viruses have hit its nuclear programme.

The Siemens update comes as security firm F-Secure received an email believed to have been sent by a scientist working at Iran’s Atomic Energy Organization.

In the message, the scientist said its plants at Natanz and Qom have been hit again by a worm.

Top F Secure security researcher Mikko Hypponen said it had not been able to confirm any of the details in the message. However, digital detective work did reveal that the message had come from within the Atomic Energy agency.

On 23 July, Iran issued a statement saying it had successfully “confronted” sophisticated malware and thwarted all the cyber attacks against the nation’s infrastructure.

Reza Taqipur, Iran’s minister of communication and information technology, said it was sometimes hit by as many as two million cyber attacks a day, but its ability to deal with them was growing daily.